⚗ test grant (a tester)

501664d4 · Alice Salsé · 4ef227af · 501664d4 · 501664d4 · 501664d4
Commit 501664d4 authored Nov 23, 2020 by Alice Salsé
--- a/3_create_function_trigger.sh
+++ b/3_create_function_trigger.sh
@@ -14,4 +14,4 @@ done
 psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${schemaname} -f sql/create_index.sql
 python python/qgs_field_definition.py $schemaname
 echo Grant roles
-psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${schemaname}  -f sql/grant_tables_roles.sql
+psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${schemaname} schematype=${schematype} -f sql/grant_tables_roles.sql
--- a/3_create_network_function_trigger.sh
+++ b/3_create_network_function_trigger.sh
@@ -15,4 +15,4 @@ psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${scheman
 psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${schemaname} -f sql/create_index.sql
 python python/qgs_field_definition.py $schemaname
 echo Grant roles
-psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${schemaname}  -f sql/grant_tables_roles.sql
+psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${schemaname} schematype=network -f sql/grant_tables_roles.sql
--- a/sql/grant_tables_roles.sql
+++ b/sql/grant_tables_roles.sql
@@ -6,10 +6,12 @@ GRANT ALL ON DATABASE :DBNAME TO administrateur;
 GRANT CONNECT,TEMP ON DATABASE :DBNAME TO editeur,viewer;

 SET tmpvar.schemaname TO :'schemaname';
+SET tmpvar.schematype TO :'schematype';
 -->> FONCTION QUI ACTIVE LES DROITS ADEQUATS SUR CHAQUE TABLE EXISTANTE
 DO $$
 DECLARE
    _schema text := current_setting('tmpvar.schemaname', true);
+    _schtype text := current_setting('tmpvar.schematype', true);
    schms CURSOR FOR
        SELECT nspname FROM pg_namespace
    		where nspname not in ('public', 'information_schema')
@@ -27,12 +29,12 @@ BEGIN
 			EXECUTE 'GRANT USAGE ON SCHEMA '||s.nspname||' TO editeur, viewer;';
      --TABLES PRIVILEGES
      ----REVOKE admin+editeur+viewer
-			EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' REVOKE ALL ON TABLES FROM administrateur, editeur, viewer;';
-			EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' REVOKE ALL ON FUNCTIONS FROM administrateur, editeur, viewer;';
-			EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' REVOKE ALL ON SEQUENCES FROM administrateur, editeur, viewer;';
-			EXECUTE 'REVOKE ALL ON ALL TABLES IN SCHEMA '||s.nspname||' FROM administrateur, editeur, viewer;';
-			EXECUTE 'REVOKE ALL ON ALL FUNCTIONS IN SCHEMA '||s.nspname||' FROM administrateur, editeur, viewer;';
-			EXECUTE 'REVOKE ALL ON ALL SEQUENCES IN SCHEMA '||s.nspname||' FROM administrateur, editeur, viewer;';
+			EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' REVOKE ALL ON TABLES FROM administrateur, editeur, editeur_nw, editeur_events, viewer;';
+			EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' REVOKE ALL ON FUNCTIONS FROM administrateur, editeur, editeur_nw, editeur_events, viewer;';
+			EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' REVOKE ALL ON SEQUENCES FROM administrateur, editeur, editeur_nw, editeur_events, viewer;';
+			EXECUTE 'REVOKE ALL ON ALL TABLES IN SCHEMA '||s.nspname||' FROM administrateur, editeur, editeur_nw, editeur_events, viewer;';
+			EXECUTE 'REVOKE ALL ON ALL FUNCTIONS IN SCHEMA '||s.nspname||' FROM administrateur, editeur, editeur_nw, editeur_events, viewer;';
+			EXECUTE 'REVOKE ALL ON ALL SEQUENCES IN SCHEMA '||s.nspname||' FROM administrateur, editeur, editeur_nw, editeur_events, viewer;';
 			----GRANT admin
 			EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT ALL ON TABLES TO administrateur WITH GRANT OPTION;';
 			EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT ALL ON FUNCTIONS TO administrateur WITH GRANT OPTION;';
@@ -52,11 +54,36 @@ BEGIN
      ----GRANT viewer
      EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT SELECT ON TABLES TO viewer;';
      EXECUTE 'GRANT SELECT ON ALL TABLES IN SCHEMA '||s.nspname||' TO viewer;';
+      -- IF SCHEMA TYPE network
+      if _schtype = 'network' then
+        ----GRANT editeur_nw
+        EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT INSERT, SELECT, UPDATE, DELETE ON TABLES TO editeur_nw;';
+        EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT EXECUTE ON FUNCTIONS TO editeur_nw;';
+        EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT USAGE ON SEQUENCES TO editeur_nw;';
+        EXECUTE 'GRANT INSERT, SELECT, UPDATE, DELETE ON ALL TABLES IN SCHEMA '||s.nspname||' TO editeur_nw;';
+        EXECUTE 'GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA '||s.nspname||' TO editeur_nw;';
+        EXECUTE 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA '||s.nspname||' TO editeur_nw;';
+        ----GRANT editeur_events
+        EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT SELECT ON TABLES TO editeur_events;';
+        EXECUTE 'GRANT SELECT ON ALL TABLES IN SCHEMA '||s.nspname||' TO editeur_events;';
+      -- IF SCHEMA TYPE events
+      elsif _schtype = 'events' then
+        ----GRANT editeur_events
+        EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT INSERT, SELECT, UPDATE, DELETE ON TABLES TO editeur_events;';
+        EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT EXECUTE ON FUNCTIONS TO editeur_events;';
+        EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT USAGE ON SEQUENCES TO editeur_events;';
+        EXECUTE 'GRANT INSERT, SELECT, UPDATE, DELETE ON ALL TABLES IN SCHEMA '||s.nspname||' TO editeur_events;';
+        EXECUTE 'GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA '||s.nspname||' TO editeur_events;';
+        EXECUTE 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA '||s.nspname||' TO editeur_events;';
+        ----GRANT editeur_nw
+        EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT SELECT ON TABLES TO editeur_nw;';
+        EXECUTE 'GRANT SELECT ON ALL TABLES IN SCHEMA '||s.nspname||' TO editeur_nw;';
+      end if;
 		end if;
    if s.nspname in (_schema||'_vl', 'config', 'fdp') then
-      ----GRANT viewer
-      EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT SELECT ON TABLES TO editeur,viewer;';
-      EXECUTE 'GRANT SELECT ON ALL TABLES IN SCHEMA '||s.nspname||' TO editeur,viewer;';
+      ----GRANT editeur+viewer
+      EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT SELECT ON TABLES TO editeur, editeur_nw, editeur_events, viewer;';
+      EXECUTE 'GRANT SELECT ON ALL TABLES IN SCHEMA '||s.nspname||' TO editeur, editeur_nw, editeur_events, viewer;';
 		end if;
    END LOOP;
 END$$;